This week's book giveaway is in the Jobs Discussion forum.
We're giving away four copies of Soft Skills: The software developer's life manual and have John Sonmez on-line!
See this thread for details.
Win a copy of Soft Skills: The software developer's life manual this week in the Jobs Discussion forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Preventing users from seeing old data using their browser back button

 
Rob Micah
Ranch Hand
Posts: 94
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a question about the way requests work upon using the back button in a browser. I have 3 servlets. The first has a form that upon submission queries a database and forwards the request on to the second. The second servlet displays information from the results of the database search and displays a form to go to servlet #3. The third servlet displays a link for payment on an external website. What I am attempting to do is prevent the user from using their back button to view out-of-date results from the database in servlets #2 and #3. Servlets #1 and #2 use GET method while #3 uses POST. So the logic is like this:

  • Servlet #1: User submits search form. Store results in HttpSession.
  • Servlet #2: Check for valid HttpSession. Display search results
  • Servlet #3: Check for valid HttpSession. Display link for payment on third party site


  • In servlets #2 and #3 if a valid HttpSession isn't detected up front I am redirecting to the home page. To check for out-of-date information I have added a check in servlet #3 in its request-handler to check the database to make sure the results stored in the session still match what's on the database. If not, invalidate the session and redirect to the homepage. Now if I alter the database, either manually or by making a payment, and use my back button of my browser to back up to servlet #2 it appears that a new request is submitted because I see updated results.

    So my question is this: Is my original request from servlet #1 being re-sent when I use my back button to back up to servlet #2?
     
    Cole Terry
    Ranch Hand
    Posts: 45
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Rob Micah wrote:
    So my question is this: Is my original request from servlet #1 being re-sent when I use my back button to back up to servlet #2?


    Probably no, because the browser may cache the previous page and it does not re-contact the server when using Back button. Unless you put "no-cache" in the response headers from the Servlet.
     
    Kumaravadivel Subramani
    Ranch Hand
    Posts: 171
    Java Linux Spring
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Yes web browser caches the POST form request details and when to hit F5/Backspace or click on web browser's back button it actually re-sends it. To avoid this there could be more ways but my suggestion is to make a dummy request after POST request (Have stored all data of POST request in httpsession) which actually would go to browser and comes to the servlet. This is to overwrite the web browser cache and valuable requests such as payment request can be stripped out of re-sending. I've implement the solution in my web site long back and working fine. Ensure this method won't be a problem of your performance.
     
    Rob Micah
    Ranch Hand
    Posts: 94
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Even though I didn't set no-cache in the header of servlet #2 it appears that it was sometimes re-sending the GET request. So what I wound up doing was changing that request method from servlet #1 to POST as well. The reason is because most browsers, if not all, will warn the user they are navigating back to a page that received a POST request and the browser will send a new request to the server.
     
    Kumar Raja
    Ranch Hand
    Posts: 547
    2
    Hibernate Java Spring
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator

    Check PRG
     
    Michael Kato
    Greenhorn
    Posts: 12
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Kumar Raja wrote:
    Check PRG

    Post-Redirect-Get doesn't solve this at all. Even the example demo at your link allows you to hit back and see the entered data.
     
    Amit Ghorpade
    Bartender
    Posts: 2851
    10
    Fedora Firefox Browser Java
    • 0
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    There are two ways to get about this
    1) Don't allow the browser to cache the page.
    2) Use javascript to work with history.
     
    • Post Reply
    • Bookmark Topic Watch Topic
    • New Topic